Information Systems Security and Privacy Protection



The main objective of the course is the familiarisation of the students with the terminology and main principles of the Information Systems Security area, thus ensuring a common understanding among students of differing backgrounds. Methodologies for analysing and managing in a systematic way the risk of an information system will be presented in detail, while the main principles for specifying the security policy of an organization will be also discussed.

Upon completion of this course, the students will be able to:

  • Understand in detail the main principles of the Information Systems Security Area.
  • Apply a Risk Analysis and Management Methodology.
  • Understand the aims and the structure of the security policy of an organization.
  • Understand the identification, authentication and access control mechanisms.
  • Evaluate the usability of a security product.
  • Judge the consequences from cyberspace risks.

Course Contents

  • Information and Communication Systems Security Terminology: Definitions and Principles.
  • Need for and scientific foundation of ‘Risk Analysis’
  • Best practices for Risk Management and for the identification of the appropriate security measures. Detailed presentation of the CRAMM Risk Analysis and Management Method.
  • Identification and Authentication Mechanisms.
  • Access Control Mechanisms.
  • Security Policies: Principles, Alternative Approaches, Required Characteristics.
  • Legal Framework for the protection of personal and sensitive data.
  • Usability of Security: Importance and Consequences.
  • Cyberspace Security.

  • S. Furnell, S. Katsikas, J. Lopez, A. Patel, (2008): Securing Information and Communications Systems, Principles Technologies and Applications, Artech House.
  • S. Gritzalis, T. Karygiannis and C. Skiannis, (2009): Security and Privacy in Wireless and Mobile Networking, Troubador Publishing.
  • J. Vacca (2009): Computer and Information Security Handbook, Morgan Kaufmann.
  • W. Stallings (2000): Network Security Essentials: Applications and Standards, Prentice Hall
  • R. Oppliger (2002)Q: Internet and Intranet Security, Artech House
  • J. Lopez and J. Zhou (Eds.) (2008): Wireless Sensor Network Security, IOS Press
  • W. Ford (1994): Computer Communication Security, Prentice Hall
  • Scientific papers, notes and/or books that will be recommended